Managing L2-L3-Protocols

Note: in Pen-testing environment.

we must check routing table to check if there is device that has multiple routes.
some networks are isolated and segmented however if we added the route on routing table
we can access the Network(referencing routing table how it works).

netstat:

  • Best netstat combination:
netstat -tulnp => show current udp/tcp session and ports open locally and globally 
  • Others
netstat -a => list all services and port that are on.
netstat -t => show tcp connection
netstat -u => show udp connection
netstat -l => show listing ports
netstat -n => show in numerical not in words ex:127.0.01 not localhost:
netstat -p => display all ports

Pasted image 20250618210244.png

arp-scan -l or netdiscover

  • using Arp to discover and identify devices on the network.

Pasted image 20250629192548.png


Managing Networks in Linux:

ifconfig:

ifconfig Key Points:

  • eth0 (Ethernet):

    • First wired network interface (eth1, eth2 = more wired).
    • Shows MAC (HWaddr), IP, Broadcast (Bcast), Netmask.
  • lo (Loopback):

    • Localhost address (127.0.0.1).
    • Used for testing services on your own system.
  • wlan0 (Wireless):

    • Appears if Wi-Fi adapter exists.
    • Displays MAC and IP for wireless.
  • Use Cases:

    • Check IP/MAC.
    • Verify interfaces are up.
    • Troubleshoot LAN or connectivity issues.

05-21-linux-network-26_Jul_2025.png

Changing Network Information with ifconfig

Note: Please revert your original IP configuration after you are done with this tutorial to restore internet access.

06-13-linux-network-26_Jul_2025.png

*Changing IP

  • is useful; it helps to access other networks (IP Spoofing).
  • Example: If you're performing a denial of service attack, changing the IP can make the attack appear to come from another source, helping to evade IP capture during forensics. It's relatively simple.
    sudo ifconfig eth0 192.168.34.24
    

05-34-linux-network-26_Jul_2025.png

Changing IP, Subnet Mask, and Broadcast Address All Together:
sudo ifconfig eth0 192.168.2.131 netmask 255.255.240.0 broadcast 192.168.2.255

06-11-linux-network-26_Jul_2025.png

(3) Changing Mac Address Key Points

  • MAC Address (HWaddr):

    • Unique ID assigned to every network device.
    • Used by networks to identify and restrict devices.
  • Why Spoof?

    • Bypass MAC-based filters or tracking systems.
    • Stay anonymous or imitate another device.
    • Used in attacks like ARP poisoning.

ARP Poisoning Example (Using Spoofed MAC)

  • Attacker spoofs their MAC to match the gateway/router.
  • Victim’s machine sends traffic to the attacker thinking it’s the router.
  • Result: Attacker intercepts traffic → MITM (Man-in-the-Middle).

How to Spoof Your MAC

# 1. Take down the interface
ifconfig eth0 down

# 2. Assign a new (fake) MAC address
ifconfig eth0 hw ether 00:11:22:33:44:55

# 3. Bring the interface back up
ifconfig eth0 up
  • Store your old MAC address:
ifconfig eth0 | grep ether | cat > mymac.txt

Try:

ifconfig
ping 127.0.0.1
  • Back up and revert to your original MAC address after spoofing:
    Run this before proceeding with MAC spoofing:
ifconfig eth0 | grep ether | cat > mymac.txt

22-39-linux-network-26_Jul_2025.png

  • Shut down the interface eth0:
sudo ifconfig eth0 down

22-49-linux-network-26_Jul_2025.png

  • Run ifconfig and notice that eth0 isn't up in your output because it is down.Then run ifconfig eth0 to view it.

23-12-linux-network-26_Jul_2025.png

  • After spoofing MAC:
    ifconfig eth0 hw ether 00:11:22:33:44:55
    23-14-linux-network-26_Jul_2025.png
  • Checking if ping works after spoofing MAC address:
    23-18-linux-network-26_Jul_2025.png

2. Verify the Assigned IP

Use ifconfig to confirm the new network configuration:

ifconfig

01-09-linux-network-27_Jul_2025.png
Expected output (example):